Replacing NT4 PDC with Samba 2.2.2

David Kadlec david.kadlec at unicorn.cz
Wed Dec 19 03:57:02 GMT 2001


Hello,

we went through same scenario few days ago. The problem is with SID
creation - Samba does not make user's
SID as domainSID-userUID as you can maybe think. Instead it does it like
domainSID-(UID*2+1000). So they
have different SID on NT and Samba domain. You can construct UIDs of user
from their RID with reverse prodedure
(UID=(RID-1000) /2 ), but if you have some with odd RID, you dont have a
chance.

David Kadlec

----- Original Message -----
From: "Tim Allen" <timallen at ls82.fsnet.co.uk>
To: <samba at lists.samba.org>
Sent: Wednesday, December 19, 2001 8:58 AM
Subject: Replacing NT4 PDC with Samba 2.2.2


> Hi
>
> Haven't seen any responses to my earlier post (Transferring PDC duties to
> Samba) so here's a slightly different approach I'm trying which someone
can
> hopefully shed some light on.
>
> Is it possible to transfer domain-specific data from an NT4 PDC to a Samba
> 2.2.2 server, switch off the NT4 machine, set up smb.conf, switch on the
> Samba box such that the attached NT4/Win2000 workstations are blissfully
> unaware that the PDC has changed? In other words, doing the equivalent of
> setting up Samba as a BDC then promoting it to PDC, albeit manually.
>
> So far, I've done the following:
>
> Extracted the workstation machine accounts from the NT4 server using
pwdump
> and inserted into smbpasswd.
> Made the corresponding additions to /etc/passwd and etc/shadow.
> Extracted the NT4 SID and inserted into MACHINE.SID.
> Specified the netbios name to be that of the NT4 server in smb.conf.
>
>
> Doing the above does allow a login from one of the workstations, but the
> workstation considers this to be a new user, which is exactly what I'm
> trying to avoid, as the local profiles for each user are then lost. A log
> error message is also generated at login:
>
> Dec 18 16:19:28 golux smbd[15238]: [2001/12/18 16:19:28,
> 0]rpc_server/srv_netlog.c:api_net_sam_logon(208)
> Dec 18 16:19:28 golux smbd[15238]:   api_net_sam_logon: Failed to marshall
> NET_R_SAM_LOGON.
> Dec 18 16:19:28 golux smbd[15238]: [2001/12/18 16:19:28, 0]
> rpc_server/srv_pipe.c:api_rpcTNP(1204)
> Dec 18 16:19:28 golux smbd[15238]:   api_rpcTNP: api_netlog_rpc:
> NET_SAMLOGON failed.
>
> Any advice much appreciated.
>
> Tim Allen
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>





More information about the samba mailing list